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Exhibit 1 
Netdevlib.py 




netdevlib.py - a superclass for network devices 



import string 
import sys 
import os 
import re 
import telnetpp2g 
import socket 
import time 

from jiveutils import is_ip_address 
from socket import gethostbyname 
import types 



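class NetDev:
    """Base class for network devices driven over an interactive session.

    Subclasses set ``devtype`` and implement the device-specific methods
    that are only stubbed out here.
    """

    # Fallback label so that the base class can be instantiated on its own
    # without an AttributeError; every subclass overrides it.
    devtype = "NetDev"

    def __init__(self, addr, tnobj=None, timeout=10):
        """Resolve *addr* and attach a session to the device.

        addr    -- IP address or host name of the device
        tnobj   -- an already-open session object to reuse; when omitted a
                   new telnetpp2g.Telnet session is opened to *addr*
        timeout -- handed to telnetpp2g.Telnet when a session is opened
        """
        # Raised by subclasses when the device does not answer as expected.
        # NOTE(review): this is a string exception, which callers catch by
        # identity and which stopped working in Python 2.6.
        self.BadCmd = "BadCmd"

        if is_ip_address(addr):
            self.addr = addr
        else:
            self.addr = gethostbyname(addr)
        print("%s addr: %s" % (self.devtype, self.addr))

        # NOTE(security): telnetpp2g.Telnet is presumably a plain Telnet
        # client, in which case every login the subclasses send, and every
        # configuration they fetch, crosses the network unencrypted. Keep
        # these sessions on an isolated management network, or hand in an
        # encrypted transport through tnobj.
        if tnobj is None:
            self.conn = telnetpp2g.Telnet(addr, timeout)
        else:
            self.conn = tnobj

        # Transcript of the session; subclasses append every response to it.
        self.log = "%s @ %s\n" % (self.devtype, addr)
        self.debuglevel = 0
        self.config_prompt = re.compile(r"\(.+\)#")
        self.enabled = 0

    def truthify(self):
        """Return a dictionary that can be passed to spin.Device.updateHW.

        Expects a device that is not yet in enable mode. Stub here.
        """
        pass

    def enable_mode(self, passwords=None):
        """Authenticate up to the most privileged mode on a new device.

        Stub here.
        """
        pass

    def get_config(self):
        """Save the running configuration into self.conf and return it.

        Expects a device that is not yet in enable mode. Stub here.
        """
        pass

    def dump_config(self):
        """Post-process the fetched configuration and save it.

        Expects get_config() to have been called; the result goes to
        /cust/configs/<hostname>-config. Stub here.
        """
        pass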

import alteonlib, ciscoioslib, ciscopixlib, ciscocatoslib, brocadelib, 
netscreenlib 

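def conn_from_spin(spin, dvc_id):
    """Build the device object that matches a spin device record.

    spin   -- spin client exposing the Device interface used below
    dvc_id -- id of the device record to look up

    Returns an instance of the device class selected by the record's
    dvc_type (and, for switches, its os_version and dvc_mfg), constructed
    with the address spin reports for it.

    Raises ValueError when the record carries a dvc_type that has no
    driver here; the original fell through to an unbound-name error.
    """
    dvc = spin.Device.get({"id": dvc_id})
    dvc_type = dvc["dvc_type"]

    if dvc_type == "FIREWALL":
        # Firewalls are reached through their console, not a device IP.
        dc = spin.Device.getChildren({"id": dvc_id,
                                      "child_class": "DeviceConsole"})
        ip = dc["console_ip"]
        dvc_class = ciscopixlib.CiscoPIX
    elif dvc_type == "LOADBALANCER":
        ip = spin.Device.getIPList({"id": dvc_id})[0]
        dvc_class = alteonlib.Alteon
    elif dvc_type == "ROUTER":
        ip = spin.Device.getIP({"id": dvc_id})
        dvc_class = ciscoioslib.CiscoIOS
    elif dvc_type == "VPN":
        ip = spin.Device.getIP({"id": dvc_id})
        dvc_class = netscreenlib.NetScreen
    elif dvc_type == "SWITCH":
        ip = spin.Device.getIP({"id": dvc_id})
        if dvc["os_version"].find("IOS") != -1:
            dvc_class = ciscoioslib.CiscoIOS
        elif dvc["dvc_mfg"] == "Brocade":
            dvc_class = brocadelib.Brocade
        else:
            dvc_class = ciscocatoslib.CiscoCatOS
    else:
        raise ValueError("unsupported dvc_type %r for device %r"
                         % (dvc_type, dvc_id))

    # Diagnostic only: an address that is not a plain string is printed
    # and then still handed to the driver, as before.
    if not isinstance(ip, str):
        print(ip)
    return dvc_class(ip)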



Exhibit 2 



Alteonlib.py 



#! /lc/bin/python 
# 

# Interact with a Cisco PIX firewall 
# 

import string 
import sys 
import os 
import re 
import telnetpp2g 
import socket 
import time 

from netdevlib import NetDev 
from jiveutils import swint 

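class Alteon(NetDev):
    """Driver for an Alteon load balancer reached over an interactive session.

    NOTE(review): the prompt and configuration patterns below were recovered
    from a damaged listing; check them against live device output.
    """

    devtype = "Alteon"

    # NOTE(security): these logins are embedded in source, so anyone who can
    # read this file or its history holds them. Treat them as exposed:
    # rotate them and load the replacements from a secrets store at run
    # time. The ``passwords`` argument of enable_mode() is never read.
    _TERMSRV_USER = "jake"
    _TERMSRV_PASSWORD = "qdSeTlE"
    _ADMIN_PASSWORD = "On3&R00t"
    _OLD_ADMIN_PASSWORD = "admin"

    def __init__(self, addr, tnobj=None, timeout=10):
        """Set the Alteon prompt pattern, then run the NetDev set-up."""
        self.alteon_prompt_regex = re.compile(r">> [\w|\d|\s]+# $")
        self.oldpw = None
        NetDev.__init__(self, addr, tnobj, timeout)

    def send_cmd(self, cmd, resp=None, wait=5):
        """Send *cmd* and wait for one of the patterns in *resp*.

        cmd  -- newline-terminated string to send
        resp -- list of compiled patterns; defaults to the Alteon prompt
        wait -- timeout handed to self.conn.expect

        Returns (idx, response): the index of the pattern that matched and
        the text received. Raises self.BadCmd when nothing matched.
        """
        if resp is None:
            resp = [self.alteon_prompt_regex]
        self.conn.write(cmd)
        idx, matchobj, response = self.conn.expect(resp, wait)
        self.log = self.log + response
        if idx == -1:
            print "Error from", self.addr
            print "Loadbalancer failed to return to prompt in", repr(wait), \
                  "seconds. Barfing."
            print "Got", response
            print "Expected", resp[0].pattern
            # NOTE(security): passwords are sent through this method too,
            # so a failed login puts the password into self.log, which
            # dump_config() writes to disk.
            self.log = self.log + "ERROR: last command: " + cmd
            raise self.BadCmd
        return idx, response

    def get_config(self):
        """Fetch the configuration dump into self.conf and return it.

        Logs in first when needed, and closes the session afterwards.
        """
        if self.enabled == 0:
            self.enable_mode()
        idx, self.conf = self.send_cmd("/cfg/dump\n")
        self.conn.close()
        return self.conf

    def connect(self):
        """Log in to the load balancer."""
        self.enable_mode()

    def dump_config(self):
        """Clean up self.conf and write it, and the session log, to disk.

        Files go to /cust/configs/<hostname>-config and <hostname>-log,
        where <hostname> is the SNMP name found in the configuration or,
        failing that, the device address.
        """
        # Get rid of the echoed /cfg/dump line.
        self.conf = self.conf.split("\n", 1)[1]
        self.conf = self.conf.replace("\r", "")
        timestamp_regex = re.compile(r"\s*\d+:\d+:\d+ \w.+$", re.M)
        self.conf = timestamp_regex.sub("", self.conf)

        # The pattern only admits word characters, one hyphen group and one
        # dot, so a device-supplied name cannot carry a path separator into
        # the file names below.
        hostname_regex = re.compile(r'/cfg/snmp/name "(\w+(-\w+)?\.\w+)"',
                                    re.M)
        matchobj = hostname_regex.search(self.conf)
        if matchobj is None:
            print "No hostname found on Alteon ", self.addr
            hostname = self.addr
        else:
            hostname = matchobj.group(1)

        # NOTE(security): both files are created with the process umask;
        # the configuration and the session transcript can hold secrets, so
        # the directory should not be readable by other accounts.
        fd = open("/cust/configs/%s-config" % (hostname), "w")
        try:
            fd.write(self.conf)
        finally:
            fd.close()

        fd = open("/cust/configs/%s-log" % (hostname), "w")
        try:
            fd.write(self.log)
        finally:
            fd.close()

    def config_mode(self):
        """Placeholder that fills in the network device signature.

        The Alteon has no separate configuration prompt, so the ordinary
        prompt pattern is reused.
        """
        self.config_prompt = self.alteon_prompt_regex

    def enable_mode(self, passwords=None):
        """Log in to the load balancer and switch paging off.

        passwords -- kept for signature compatibility with NetDev; unused

        Raises self.BadCmd when no password prompt arrives.
        """
        password_re = re.compile("password: ")
        yesno_prompt = re.compile(r"(\[y/n\]:)|(n to skip it)")

        idx, matchobj, response = self.conn.expect([password_re], 5)
        if idx == -1:
            print response
            print "Unable to connect to the loadbalancer at ", self.addr
            self.log = self.log + response
            raise self.BadCmd

        idx, resp = self.send_cmd(self._ADMIN_PASSWORD + "\n",
                                  [self.alteon_prompt_regex,
                                   password_re,
                                   yesno_prompt])
        if idx == 1:
            # Asked for a password again: fall back to the old one and
            # remember that the device still uses it.
            self.send_cmd(self._OLD_ADMIN_PASSWORD + "\n")
            self.oldpw = 1
        if idx == 2:
            self.send_cmd("y\n")
        self.send_cmd("lines 0\n")
        self.enabled = 1

    def get_arp_table(self):
        """Return the ARP table as a list of (mac address, ip address).

        Closes the session once the table has been read.
        """
        # Same guard as get_config(): enable_mode() waits for a password
        # prompt and raises when the session is already logged in.
        if self.enabled == 0:
            self.enable_mode()
        idx, jive = self.send_cmd("/info/arp/dump\n")
        self.conn.close()

        # Drop the three leading and two trailing lines around the table.
        arplines = jive.split("\r\n")[3:-2]
        alt_arp = []
        for arp in arplines:
            # Fixed-width output: address in columns 2-16, MAC in 24-40.
            newmac = arp[24:41].upper()
            print newmac
            alt_arp.append((newmac, arp[2:17].strip()))
        return alt_arp

    def end_config(self):
        """Apply and save the configuration, then reset the device."""
        yesno_prompt = re.compile(r"\[y/n\]")

        self.send_cmd("apply\n")
        self.conn.write("save\n")
        self.conn.expect([yesno_prompt], 5)
        # this confirms the save
        self.send_cmd("y\n", [yesno_prompt])
        # this is to answer the switching boot config question
        self.send_cmd("y\n")
        self.send_cmd("/boot/reset\n", [yesno_prompt])
        # No prompt comes back once the reset is confirmed.
        self.conn.write("y\n")

    def done_config(self):
        """Alias of end_config()."""
        self.end_config()

    def init_from_file(self, templatefile, vars):
        """Configure a new load balancer from a template file.

        templatefile -- path of the template configuration
        vars         -- dictionary; each key found in the template text is
                        replaced by its value

        Raises self.BadCmd when the terminal server shows no login prompt.
        """
        login_prompt = re.compile("Username:")
        pass_prompt = re.compile("Password: ")
        lpass_prompt = re.compile("[Pp]assword:")
        yesno_prompt = re.compile(r"(\[y/n\]:)|(n to skip it)")

        # Authenticate past terminal server
        idx, matchobj, response = self.conn.expect([login_prompt], 15)
        if idx == -1:
            print response
            print 'No login prompt.'
            raise self.BadCmd
        print "sending username"
        self.send_cmd(self._TERMSRV_USER + "\n", [pass_prompt])
        print "sending passwd"
        self.conn.write(self._TERMSRV_PASSWORD + "\n\r\n\r\n")
        time.sleep(2)
        self.conn.write("\r\n\r\n")

        good = None
        while 1:
            # NOTE(review): the timeout argument is cut off in the listing;
            # 2 is the value CiscoPIX.enable_mode() uses for its prompt
            # loop. Confirm.
            idx, matchobj, response = self.conn.expect([lpass_prompt], 2)
            print idx, response
            if idx == 0:
                good = 1
            else:
                break

        # if good is true, we should have gotten to the last yes/no prompt
        print good
        if good == 1:
            self.conn.write(self._OLD_ADMIN_PASSWORD + "\n")
            self.conn.expect([yesno_prompt], 5)
            self.send_cmd("n\n")

        fd = open(templatefile, "r")
        try:
            config = fd.read()
        finally:
            # The original wrote ``fd.close`` without calling it.
            fd.close()

        # NOTE(security): values are substituted verbatim; a value holding
        # a newline adds configuration lines of its own.
        for var, val in vars.items():
            config = config.replace(var, val)
        for cfgline in config.split("\n"):
            # when the alteons are processing scripts, they don't
            # give back a prompt. this is crude rate-limiting
            self.conn.write(cfgline + "\n")
            time.sleep(0.25)

        # you can't set the administrator password from a script
        self.send_cmd("\n")
        self.send_cmd("/cfg/sys/admpw\n", [lpass_prompt])
        self.send_cmd(self._OLD_ADMIN_PASSWORD + "\n", [lpass_prompt])
        self.send_cmd(self._ADMIN_PASSWORD + "\n", [lpass_prompt])
        self.send_cmd(self._ADMIN_PASSWORD + "\n")
        self.end_config()

    def truthify(self):
        """Return the hardware dictionary for this load balancer.

        Fetches the configuration first. Fields that cannot be found in it
        are reported as "ERROR".
        """
        self.get_config()

        model_re = re.compile(r"script start \"([\w\s]+)\"")
        # NOTE(review): the listing is damaged around this pattern (a stray
        # token after the interface number and a cut inside the /broad
        # field); confirm it against a real /cfg/dump.
        if_re = re.compile(r"/cfg/ip/if (\d+)/addr ([\d.]+)/mask [\d.]+"
                           r"/broad [\d.]+/vlan (\d+)")
        version_re = re.compile(r"Version ([\d+.]+)")

        sysname = "ERROR"
        model = "ERROR"
        version = "ERROR"

        try:
            model = model_re.search(self.conf).group(1)
            # Second word of the fifth line of the dump.
            sysname = self.conf.split("\n")[4].split()[1]
            version = version_re.search(self.conf).group(1)
        except (AttributeError, IndexError):
            # A short or unexpected dump leaves the "ERROR" defaults; the
            # original caught only the failed-search case.
            pass

        ifs = []
        for slot, addr, vlan in if_re.findall(self.conf):
            iface = swint(slot)
            iface.type = "VLAN"
            iface.ipaddr = addr
            if slot == "1":
                iface.primary = "1"
            ifs.append(iface.make_dict())

        sw_dict = {}
        sw_dict["mid"] = sysname
        sw_dict["dvc_model"] = model
        sw_dict["dvc_mfg"] = "Alteon"
        sw_dict["system_name"] = sysname
        sw_dict["os_version"] = version
        sw_dict["interface_cards"] = ifs
        sw_dict["dvc_type"] = "LOADBALANCER"
        return sw_dict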



Exhibit 3 
Ciscopixlib.py 



#! /lc/bin/python 
# 

# Interact with a Cisco PIX firewall 
# 

import string 
import sys 
import os 
import re . 
import telnetpp2g 
import socket 
import time 
import signal 

from netdevlib import NetDev 

from jiveutils import swint, convert_mac, is_ip_address 

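class CiscoPIX(NetDev):
    """Driver for a Cisco PIX firewall reached through a terminal server.

    NOTE(review): the prompt and configuration patterns below were recovered
    from a damaged listing; check them against live device output.
    """

    devtype = "CiscoPIX"

    # NOTE(security): these logins are embedded in source, so anyone who can
    # read this file or its history holds them. Treat them as exposed:
    # rotate them and load the replacements from a secrets store at run
    # time. The ``passwords`` argument of enable_mode() is never read.
    _TERMSRV_USER = "jake"
    _TERMSRV_PASSWORD = "qdSeTlE"
    _ENABLE_PASSWORD = "On3&R00t"

    def __init__(self, addr, tnobj=None, timeout=10):
        """Run the NetDev set-up; the PIX adds nothing of its own."""
        NetDev.__init__(self, addr, tnobj, timeout)

    def send_cmd(self, cmd, resp, time=10):
        """Send a command to the firewall and wait for a permitted reply.

        cmd  -- newline-terminated string to send
        resp -- list of compiled patterns describing permitted responses
        time -- timeout handed to self.conn.expect (10 by default)

        Returns (idx, response): the index of the pattern that matched and
        the text received. Raises self.BadCmd, with *cmd* as its argument,
        when none of the patterns matched in time.
        """
        self.conn.write(cmd)
        idx, matchobj, response = self.conn.expect(resp, time)
        self.log = self.log + response
        if self.debuglevel >= 1:
            print response
        if idx == -1:
            print "Switch output (", response.strip(), \
                  ") did not match ", resp[0].pattern
            # NOTE(security): the enable password is sent through this
            # method too, so a failed login puts it into self.log, which
            # dump_config() writes to disk.
            self.log = self.log + "ERROR: last command: " + cmd
            raise self.BadCmd, cmd
        return idx, response

    def get_config(self):
        """Fetch the running configuration from the firewall.

        Stores the configuration text in self.conf and the "sh ver" output
        in self.ver, leaves enable mode, and returns self.conf.
        """
        enable_prompt = re.compile(r"(\w+(\.\S+)?)#", re.M)
        switch_prompt = re.compile(r"(\w+(\.\S+)?)>", re.M)

        if self.enabled == 0:
            self.enable_mode()
        idx, self.conf = self.send_cmd("wr t\n", [enable_prompt])
        idx, self.ver = self.send_cmd("sh ver\n", [enable_prompt])
        self.send_cmd("disable\n", [switch_prompt])
        return self.conf

    def dump_config(self):
        """Write the running configuration and the session log to disk.

        Files go to /cust/configs/<firewallname>-config and
        <firewallname>-log. The name is the hostname found in the
        configuration; the device address is used instead when there is no
        hostname line or when the name is not usable as a file name.
        """
        self.conf = self.conf.replace("\r", "")
        # Drop the two leading lines, and everything from "[OK]" on.
        self.conf = self.conf.split("\n", 2)[2]
        self.conf = self.conf.split("[OK]")[0]

        hostname_re = re.compile(r"hostname (\w+(\.\S+)?)", re.M)
        matchobj = hostname_re.search(self.conf)
        if matchobj is None:
            # The original dereferenced the failed match and crashed.
            print "No hostname found on PIX ", self.addr
            self.hostname = self.addr
        else:
            self.hostname = matchobj.group(1)

        # The hostname comes from the device, and \S+ admits "/", so it
        # could steer the write outside /cust/configs. Accept it only when
        # it is a bare file name.
        stem = self.hostname
        if os.path.basename(stem) != stem:
            print "Ignoring unusable hostname", repr(stem), "on", self.addr
            stem = self.addr

        # NOTE(security): both files are created with the process umask;
        # the configuration and the session transcript can hold secrets, so
        # the directory should not be readable by other accounts.
        fd = open("/cust/configs/%s-config" % (stem), "w")
        try:
            fd.write(self.conf)
        finally:
            fd.close()

        fd = open("/cust/configs/%s-log" % (stem), "w")
        try:
            fd.write(self.log)
        finally:
            fd.close()

    def enable_mode(self, passwords=None):
        """Connect to a firewall and bring it to enable mode.

        Authenticates past the terminal server, enables with the built-in
        password and turns off the pager (--More--).

        passwords -- kept for signature compatibility with NetDev; unused

        Raises self.BadCmd when there is no login prompt or when neither
        firewall prompt appears.
        """
        user_prompt = re.compile("Username: ")
        lpass_prompt = re.compile("[P|p]assword:")
        switch_prompt = re.compile(r"(\w+(\.\S+)?)>", re.M)
        enable_prompt = re.compile(r"(\w+(\.\S+)?)#", re.M)

        idx, matchobj, response = self.conn.expect([user_prompt], 2)
        if idx == -1:
            print 'No login prompt.'
            raise self.BadCmd
        # send_cmd() raises when the password prompt is missing, so the
        # original's follow-up check for idx == -1 could never fire.
        self.send_cmd(self._TERMSRV_USER + "\n", [lpass_prompt])
        print "sending passwd"
        self.conn.write(self._TERMSRV_PASSWORD + "\n")
        self.conn.write("\r\n\r\n")
        time.sleep(2)
        self.conn.write("\r\n\r\n")

        good = None
        sent_uname = None
        sent_pass = None
        while 1:
            idx, matchobj, response = self.conn.expect([switch_prompt,
                                                        enable_prompt,
                                                        user_prompt,
                                                        lpass_prompt], 2)
            if self.debuglevel >= 1:
                print response, " : ", idx
            if idx == 0:
                good = 1
            elif idx == 1:
                good = 2
            elif idx == 2:
                # Terminal server asked again: answer once only.
                if sent_uname is None:
                    self.conn.write(self._TERMSRV_USER + "\n")
                    sent_uname = 1
            elif idx == 3:
                if sent_pass is None:
                    self.conn.write(self._TERMSRV_PASSWORD + "\n")
                    sent_pass = 1
            else:
                break

        if good == 1:
            print "setting term len 0"
            print "sending enable"
            idx, response = self.send_cmd("enable\n", [lpass_prompt,
                                                       enable_prompt])
            if idx == 0:
                print "sending password"
                self.send_cmd(self._ENABLE_PASSWORD + "\n", [enable_prompt])
        elif good != 2:
            print "unable to enter enable mode"
            raise self.BadCmd, "Unable to enter enable made."

        print "Setting term length to zero"
        self.send_cmd("no pager\n", [enable_prompt])
        self.enabled = 1

    def config_mode(self):
        """Enter config mode from enable mode."""
        self.config_prompt = re.compile(r"\(.+\)#")
        self.send_cmd("conf t\n", [self.config_prompt])

    def done_config(self):
        """Leave config mode and write the new configuration to memory."""
        enable_prompt = re.compile(r"(\w+(\.\S+)?)#", re.M)
        self.send_cmd("exit\n", [enable_prompt])
        self.send_cmd("wr mem\n", [enable_prompt], 10)

    def add_conduit(self, protocol, address1, port1, address2, port2):
        """Add a "conduit permit" rule to the firewall.

        protocol -- either tcp or udp
        address1 -- local address/mask pair
        port1    -- local port (needs "eq", use "any")
        address2 -- remote address/mask pair
        port2    -- remote port (needs "eq")

        "host a.b.c.d" can be used instead of "a.b.c.d 255.255.255.255".
        """
        config_prompt = re.compile(r"\(.+\)#")
        # The original always sent "tcp" and ignored *protocol*, so a
        # request for a udp conduit opened the tcp port instead.
        # NOTE(security): the fields are sent verbatim; a field holding a
        # newline would add a command of its own, so callers must pass
        # validated values.
        cmdstr = " ".join(["conduit permit", protocol, address1,
                           port1, address2, port2, "\n"])
        self.send_cmd(cmdstr, [config_prompt])

    def ip_to_subnet(ip, mask):
        """Return the network address of a host address and mask.

        ip   -- ip address in dotted decimal format
        mask -- subnet mask in dotted decimal format

        Returns the network address in dotted decimal format.
        """
        ip_octets = ip.split(".")
        mask_octets = mask.split(".")
        return ".".join([str(int(ip_octets[i]) & int(mask_octets[i]))
                         for i in range(4)])

    # Declared without ``self`` inside the class, so it could not be called
    # through the class or an instance; a static method makes both work.
    ip_to_subnet = staticmethod(ip_to_subnet)

    def subnet_to_ip(self, ip, delta):
        """Return the nth address in a subnet.

        ip    -- network ip address in dotted decimal format
        delta -- n (as in nth address)

        Returns the address in dotted decimal format. Unlike the original,
        an offset that runs past 255 carries into the next octet instead
        of producing an out-of-range last octet.
        """
        octets = [int(part) for part in ip.split(".")]
        octets[3] = octets[3] + delta
        for pos in (3, 2, 1):
            carry, octets[pos] = divmod(octets[pos], 256)
            octets[pos - 1] = octets[pos - 1] + carry
        return ".".join([str(octet) for octet in octets])

    def init_from_file(self, templatefile, vars):
        """Initialize a firewall from a template file and variable values.

        templatefile -- a file with a template config consisting of config
                        statements with variables of the form $NAME
        vars         -- dictionary; each key found in the template text is
                        replaced by its value

        Raises self.BadCmd when there is no login prompt or when the new
        firewall's prompt never appears.
        """
        user_prompt = re.compile("Username:")
        pass_prompt = re.compile("[P|p]assword: ")
        new_fw_prompt = re.compile("pixfirewall>")
        new_fw_en_prompt = re.compile("pixfirewall#")
        config_prompt = re.compile(r"\(.+\)#")

        # Authenticate past terminal server
        idx, matchobj, response = self.conn.expect([user_prompt], 2)
        if idx == -1:
            print 'No login prompt.'
            raise self.BadCmd
        # send_cmd() raises when the password prompt is missing, so the
        # original's follow-up check for idx == -1 could never fire.
        self.send_cmd(self._TERMSRV_USER + "\n", [pass_prompt])
        print "sending passwd"
        self.conn.write(self._TERMSRV_PASSWORD + "\n")
        self.conn.write("\r\n\r\n")
        time.sleep(2)
        self.conn.write("\r\n\r\n")

        # Get to the pixfirewall> prompt
        good = None
        while 1:
            # NOTE(review): the timeout argument is cut off in the listing;
            # 2 is the value enable_mode() uses for its prompt loop.
            # Confirm.
            idx, matchobj, response = self.conn.expect([new_fw_prompt,
                                                        new_fw_en_prompt], 2)
            print response
            if idx == 0:
                good = 1
            # NOTE(review): this is ``if`` rather than ``elif`` in the
            # listing, so the loop stops at the first "pixfirewall>" but
            # keeps reading after "pixfirewall#". Confirm that is intended.
            if idx == 1:
                good = 2
            else:
                break

        if good == 1:
            self.send_cmd("enable\n", [pass_prompt])
            # An empty line is sent as the enable password.
            self.send_cmd("\n", [new_fw_en_prompt])
        elif good is None:
            raise self.BadCmd

        self.send_cmd("conf t\n", [config_prompt])

        fd = open(templatefile, "r")
        try:
            config = fd.read()
        finally:
            fd.close()

        # NOTE(security): values are substituted verbatim; a value holding
        # a newline adds configuration lines of its own.
        for var, val in vars.items():
            config = config.replace(var, val)

        # A banner spans several lines and ends at a line that starts with
        # the delimiter given as the last word of the "banner" line; it is
        # collected and sent as one command.
        bannerend = None
        for cfgline in config.split("\n"):
            words = cfgline.split()
            if len(words) == 0:
                continue
            if cfgline[0] == "!":
                continue
            if words[0] == bannerend:
                print "final banner line"
                banner_text = banner_text + cfgline + "\n"
                self.send_cmd(banner_text + "\n", [config_prompt])
                bannerend = None
                continue
            if words[0] == "banner":
                bannerend = words[-1]
                print "Starting banner"
                banner_text = cfgline + "\n"
                continue
            if bannerend is not None:
                print "another banner line: ", cfgline
                banner_text = banner_text + cfgline + "\n"
                continue
            self.send_cmd(cfgline + "\n", [config_prompt])
        self.done_config()

    def truthify(self):
        """Return the hardware dictionary for this firewall.

        Fetches the configuration first. Fields that cannot be found are
        reported as "ERROR"; the original left them unbound and failed
        with a name error a few lines later.
        """
        self.get_config()

        sw_dict = {}

        sysname_re = re.compile(r"hostname (\S+)")
        version_re = re.compile(r"PIX Version (\S+)")
        serial_re = re.compile(r"Serial Number:\s+(\S+)")
        model_re = re.compile(r"Hardware:\s+(\S+),")
        # Five groups per match: interface, whole MAC, and three inner
        # groups that the loop below discards.
        mac_addr_re = re.compile(r"\d: (\w+): address is "
                                 r"((([0-9a-f]){4}.){2}([0-9a-f]{4}))")
        ip_addr_re = re.compile(r"ip address (\S+) ([0-9\.]+) ([0-9\.]+)")
        int_names_re = re.compile(r"nameif (\S+) (\S+) security")

        sysname = "ERROR"
        model = "ERROR"
        serialnum = "ERROR"
        os_ver = "ERROR"
        try:
            model = model_re.search(self.ver).group(1)
            sysname = sysname_re.search(self.conf).group(1)
            serialnum = serial_re.search(self.ver).group(1)
            os_ver = version_re.search(self.conf).group(1)
        except AttributeError:
            pass

        sw_dict["mid"] = sysname
        sw_dict["dvc_model"] = model
        sw_dict["dvc_mfg"] = "cisco Systems"
        sw_dict["serial_num"] = serialnum
        sw_dict["system_name"] = sysname
        sw_dict["os_version"] = os_ver
        sw_dict["dvc_type"] = "FIREWALL"

        # Interface name (from nameif) -> hardware slot.
        int_names = {}
        for slot, name in int_names_re.findall(self.conf):
            int_names[name] = slot

        ints = {}
        for slot, mac, a, b, c in mac_addr_re.findall(self.ver):
            ints[slot] = swint(slot)
            ints[slot].macaddr = convert_mac(mac)
            if slot == "ethernet0":
                ints[slot].primary = "1"
            ints[slot].type = "ETHERNET"

        for name, ip, mask in ip_addr_re.findall(self.conf):
            ints[int_names[name]].ipaddr = ip

        # Console host name: "<host>-con.<next label>". A name without a
        # dot used to raise IndexError here.
        name_parts = sysname.split(".")
        if len(name_parts) > 1:
            conname = ".".join([name_parts[0] + "-con", name_parts[1]])
        else:
            conname = name_parts[0] + "-con"

        sw_dict["interface_cards"] = map(swint.make_dict, ints.values())
        sw_dict["device_console"] = [{"console_ip": self.addr,
                                      "console_host_name": conname}]

        # Wait for conduit support in spin
        # sw_dict["conduits"] = []
        # cfg_lines = string.split(self.conf, "\n")
        # for l in cfg_lines:
        #     w = string.split(l)
        #     if len(w) == 0 or w[0] != "conduit":
        #         continue
        #     sw_dict["conduits"].append(self.conduit_parser_spin(l))

        return sw_dict

    def conduit_parser_spin(self, l):
        """Build a spin-compliant representation of a conduit.

        l -- one "conduit ..." configuration line

        Returns a dictionary with conduit_desc, protocol, destination,
        source and, when the line has an "eq" clause, port. Raises the
        string exception "NotConduit" for any other kind of line.
        """
        conduit = {"conduit_desc": l.strip()}
        print l

        w = l.strip().split()
        if len(w) == 0 or not w[0] == "conduit":
            raise "NotConduit"

        # Skip "conduit permit"
        pos = 2
        conduit["protocol"] = w[pos]
        pos = pos + 1

        # we now are at the "local" address
        if w[pos] == "any":
            conduit["destination"] = "ANY"
            pos = pos + 1
        elif w[pos] == "host":
            conduit["destination"] = w[pos + 1]
            pos = pos + 2
        elif is_ip_address(w[pos]):
            # NOTE(review): the slice holds the address only, although two
            # words (address and mask) are skipped. Confirm whether the
            # mask was meant to be recorded as well.
            conduit["destination"] = " ".join(w[pos:pos + 1])
            pos = pos + 2

        # An "any" at this point is the remote address, not a port. The
        # original consumed it here and overwrote a host or network
        # destination with "ANY", so the record showed a wider rule than
        # the one configured.
        if w[pos] == "eq":
            conduit["port"] = w[pos + 1]
            pos = pos + 2

        # We are now at the remote address
        if w[pos] == "any":
            conduit["source"] = "ANY"
        elif w[pos] == "host":
            conduit["source"] = w[pos + 1]
        elif is_ip_address(w[pos]):
            conduit["source"] = " ".join(w[pos:pos + 1])

        return conduit

    def conduit_parser(l):
        """Build a conduit data structure from a configuration line.

        l -- one "conduit ..." configuration line

        Returns a dictionary with type (permit or deny), protocol, local
        and remote; local and remote are dictionaries describing an ANY,
        HOST or NETWORK object and, where given, its port.

        NOTE(review): the "obj class" key is spelled as it appears in the
        listing; confirm the spelling against the consumer.
        """
        conduit = {}

        w = l.strip().split()
        pos = 1

        # should be permit or deny
        conduit["type"] = w[pos]
        pos = pos + 1

        # grab the protocol
        conduit["protocol"] = w[pos]
        pos = pos + 1

        # we now are at the "local" address
        if w[pos] == "any":
            conduit["local"] = {"obj class": "ANY"}
            pos = pos + 1
            if w[pos] == "eq":
                conduit["local"]["port"] = w[pos + 1]
                pos = pos + 2
        else:
            f_dict = {}
            if w[pos] == "host":
                f_dict = {"obj class": "HOST"}
                f_dict["ip"] = w[pos + 1]
                pos = pos + 2
            elif is_ip_address(w[pos]):
                f_dict = {"obj class": "NETWORK"}
                f_dict["subnet"] = w[pos]
                f_dict["mask"] = w[pos + 1]
                pos = pos + 2
            if w[pos] == "any":
                # No port clause: this "any" is the remote address, so it
                # is recorded as "any port" but left for the remote
                # section. The original consumed it and then ran off the
                # end of the line.
                f_dict["port"] = "ANY"
            elif w[pos] == "eq":
                f_dict["port"] = w[pos + 1]
                pos = pos + 2
            conduit["local"] = f_dict

        # We are now at the remote address
        if w[pos] == "any":
            conduit["remote"] = {"obj class": "ANY"}
        else:
            f_dict = {}
            if w[pos] == "host":
                f_dict = {"obj class": "HOST"}
                f_dict["ip"] = w[pos + 1]
                pos = pos + 2
            elif is_ip_address(w[pos]):
                f_dict = {"obj class": "NETWORK"}
                f_dict["subnet"] = w[pos]
                f_dict["mask"] = w[pos + 1]
                pos = pos + 2
            if w[pos] == "any":
                f_dict["port"] = "ANY"
            elif w[pos] == "eq":
                f_dict["port"] = w[pos + 1]
            elif w[pos] == "range":
                f_dict["port"] = w[pos + 1] + "-" + w[pos + 2]
            conduit["remote"] = f_dict

        return conduit

    # Declared without ``self`` inside the class, so it could not be called
    # through the class or an instance; a static method makes both work.
    conduit_parser = staticmethod(conduit_parser)

    def list_conduits(self, spin):
        """Stub; not implemented."""
        pass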



Exhibit 4 
Directory Listing 
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